image credit: Pixabay

FBI Warns of Auto-Forwarding Email Rules Abused for BEC Scams

December 3, 2020

Cybercriminals are exploiting the mass shift to telework during the COVID-19 pandemic to conduct malicious operations, including BEC scams that are more likely to succeed due to the targeting of an email rule forwarding vulnerability.

In 2019, BEC losses surpassed $1.7 billion, the FBI said in February 2020.

According to the FBI, the attackers are able to conceal their activity through auto-forwarding rules implemented on victims’ web-based email clients, but which often do not sync with the desktop client, thus hiding the malicious rules from security administrators.

Read More on Security Week